CVE-2023-40281

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40281
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40281.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40281
Published
2023-08-17T07:15:44Z
Modified
2024-05-29T20:51:59Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.

References

Affected packages

Git / github.com/ec-cube/ec-cube2

Affected ranges

Type
GIT
Repo
https://github.com/ec-cube/ec-cube2
Events